REMARKS 

[0003] Applicant respectfully requests entry of the following remarks and 
reconsideration of the subject application. Applicant respectfully requests entry of the 
amendments herein. The remarks and amendments should be entered under 37 C.F.R. 
§1.116 as they place the application in better form for appeal, or for resolution on the 
merits. 

[0004] Applicant respectfully requests reconsideration and allowance of all of the 
claims of the application. Claims 1-4, 6, 10, 19, 21, 22, and 36-60 are presently pending. 
Claims amended herein are 1, 36, 44, 51, 58, 59, and 60. Claims withdrawn or cancelled 
herein are 5, 7-9, 11-18, 20, and 23-35. New claims added herein are none. 

Formal Request for an Interview 

[0005] If the Examiner's reply to this communication is anything other than 
allowance of all pending claims, then I formally request an interview with the Examiner. 
I encourage the Examiner to call me — the undersigned representative for the Applicant 
so that we can talk about this matter so as to resolve any outstanding issues quickly and 
efficiently over the phone. 

[0006] Please contact me or my assistant to schedule a date and time for a 
telephone interview that is most convenient for both of us. While email works great for 
us, I welcome your call to either of us as well. Our contact information may be found on 
the last page of this response. 
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Claim Amendments 

[0007] Without conceding the propriety of the rejections herein and in the interest of 
expediting prosecution, Applicant amends claims 1, 36, 44, 51, 58, 59, and 60 herein. 
Applicant amends claims to clarify claimed features. Such amendments are made to 
expedite prosecution and quickly identify allowable subject matter. Such amendments 
are merely intended to clarify the claimed features, and should not be construed as further 
limiting the claimed invention in response to cited prior art. 



Substantive Matters 

Claim Rejections under § 102 

[0008] The Examiner rejects claims 1-4, 6, 10, 19, 21, 22, and 36-60 under §102. 
For the reasons set forth below, the Examiner has not shown that cited reference 
anticipates the rejected claims. 

[0009] Accordingly, Applicant respectfully requests that the § 102 rejections be 
withdrawn and the case be passed along to issuance. 

[0010] The Examiner's rejections are based upon the following reference: 
• Korn; Korn, US Patent No. 6,880,083 (issued Apr 12, 2005) 



Overview of the Application 

[0011] The Application describes a technology for limiting access to potentially 
dangerous code. Methods and systems are described that allow a control to be invoked 
only by an authenticated and authorized application. A web page is described that 
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invokes a software control that has been previously downloaded to a Client computer, or 
which is contained in the web page to be downloaded by the Client computer. The web 
page is digitally signed by the author so that the Client computer can ensure that the 
control is being invoked by a trusted source. A confirmation module located in a web 
browser on the Client computer or in the control itself authenticates the digital signature 
and confirms whether the web page is authorized by the Client computer to invoke the 
control. If the web page is authenticated and authorized, then the Client computer allows 
the web page to invoke the control. 

[0012] An invoking application is authenticated and authorized each time the 
control is invoked rather than only when the control is downloaded. Therefore, an 
unauthorized user cannot gain access to a control previously downloaded onto the Client 
computer. 

Cited Reference 

Korn 

[0013] Korn describes a technology for creating a secure script. Executable 
commands in the script are hashed, and the hashed values for the commands are 
encrypted and appended to the script. Before executing the script, a hashed value for 
each executable command in a script is computed and the encrypted hashed value 
appended to the script for each executable command in the script is decrypted to obtain a 
decrypted hashed value for each executable command in the script. The hashed value and 
the decrypted hashed value for each executable command is compared, and if the values 
are the same, the command is executed. 
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Anticipation Rejections 

[0014] Applicant submits that the anticipation rejections are not valid because, for 
each rejected claim, no single reference discloses each and every element of that rejected 
claim. 1 Furthermore, the elements disclosed in the single reference are not arranged in 
the manner recited by each rejected claim. 2 

[0015] The Examiner rejects claims 1-4, 6, 10, 19, 21, 22, and 36-60 under 35 
U.S.C. § 102(e) as being anticipated by Korn. Applicant respectfully traverses the 
rejections of these claims. Based on the reasons given below, Applicant asks the 
Examiner to withdraw the rejection of these claims. 

Independent Claim 1 

[0016] The Examiner indicates (Action, p. 2) the following with regard to this 
claim: 

4. As per claim 1 , Korn discloses a method, comprising: a first electronic device deriving a 
digital signature and associating the digital signature with a web page, wherein the web page 
includes code to invoke a control object, and wherein the web page does not include the control 
object (Korn: column 2 lines 39-65: hash value is generated for the script and the hash value is 
further encrypted as a digital signature); and subsequent to associating the digital signature with 
the web page, the first electronic device delivering the web page to a second electronic device 
capable of authenticating the digital signature such that the second electronic device executes at 
least a portion of the web page in response to authenticating the digital signature (Korn: column 
3 lines 50-65: the encrypted hash value is decrypted using the public key and compared to see if 
the script can be executed). 



1 "A claim is anticipated only if each and every element as set forth in the claim is found, either expressly or 
inherently described, in a single prior art reference." Verdegaal Bros. v. Union Oi! Co. of California, 814 F.2d 628, 
631, 2 USPQ2d 1051, 1053 (Fed. Cir. 1987); also see MPEP §2131. 

2 See In re Bond, 910 F.2d 831, 15 USPQ2d 1566 (Fed. Cir. 1990). 
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[0017] Applicant submits that Korn does not anticipate this claim because it does 
not show or disclose the following elements as recited in this claim (with emphasis 
added): 



• a first electronic device digitally signing a web page, wherein the web page 
includes code to invoke a control object, and wherein the web page does not 
include the control object; and 

• subsequent to associating the digital signature with the web page, the first 
electronic device delivering the web page to a second electronic device capable 
of authenticating the source of the web page based on the digital signature 
such that the second electronic device executes at least a portion of the web 
page in response to authenticating the digital signature 

[0018] In this Action, the Examiner equates the method regarding secure scripts 
disclosed by Korn with the method of "digitally signing a web page" and "authenticating 
the source of the web page based on the digital signature" recited in this claim. Applicant 
respectfully disagrees. 

[0019] Korn identifies a web page containing a script that is hashed and encrypted 
and a control object that may be signed. Korn does not disclose a server digitally signing a 
web page that does not include the control object as is claimed. Furthermore, Korn does not 
authenticate the source of the web page based on the digital signature as recited in this 
claim. 
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[0020] In Korn, a digital signature associated with a control object may be used to 
verify the authenticity of the control object, but does not prevent a second web page from 
maliciously accessing the control object that was previously downloaded to a client 
device by a first web page. By digitally signing a web page that includes code to invoke 
a control object, a client device can then verify the authenticity of the web page before 
allowing the web page to invoke the control object. While the control object itself may 
be digitally signed, the signature associated with the control object does not provide a 
way to verify the authenticity of the web page invoking the control object as in the instant 
claim. 

[0021] Consequently, Korn does not disclose all of the claimed elements and 
features of this claim. Accordingly, Applicant asks the Examiner to withdraw the 
rejection of this claim. 



Independent Claims 36, 44, 51, 58, 59, and 60 

[0022] Independent claims 36, 44, 51, 58, 59, and 60 contain similar features to 
those claimed in claim 1 discussed above, and were rejected using similar rational. Thus, 
Applicant submits that Korn does not anticipate these claims for at least the same reasons 
discussed above. Accordingly, Applicant asks the Examiner to withdraw the rejections of 
these claims. 
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Dependent Claims 2-4, 6, 10, 19-22. 37-43. 45-50, and 52-57 

[0023] These claims ultimately depend upon independent claim 1, 36, 44, and 52. 
As discussed above, claims 1, 36, 44, and 52 are allowable. It is axiomatic that any 
dependent claim which depends from an allowable base claim is also allowable. 
Additionally, some or all of these claims may also be allowable for additional 
independent reasons. 



Conclusion 

[0024] All pending claims are in condition for allowance. Applicant respectfully 
requests reconsideration and prompt issuance of the application. If any issues remain 
that prevent issuance of this application, the Examiner is urged to contact me before 
issuing a subsequent Action . Please call/email me or my assistant at your convenience. 



Respectfully Submitted, 

Dated: /Oy jz? in M$- 

Bea Koempel-Thomas 
Reg. No. 58213 
(509) 324-9256 x259 
bea@leehayes . com 
www, leehayes . com 



My Assistant: Carly Bokarica 
(509) 324-9256 x264 
carly@leehayes .com 
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